Privacy Policy

Last updated: May 5th, 2018

We reserve the right to modify this privacy statement with immediate effect.

Embark Corp (“Company,” “we,” “us”) is dedicated to ensuring data privacy and security for our users. We are fully committed to adhering to all global security and privacy frameworks governing the usage of our service by applicants and other types of users, including:

You agree to this Privacy Policy, in its entirety, when you access or use our Website (embark.com) or share personal information with us.

1. Information We Collect

A. What you share with us

We collect information about you when you voluntarily provide us with information through school, fellowship, financial aid, or other Website forms. The information you may be requested to submit by our school and fellowship clients may include (but is not limited to): (1) Name, (2) Address, (3) Email Address, (4) Telephone Number, (5) Social Security Number [for US applicants], and (6) Date of Birth. We also might receive information from your communications with us through our Website, email or telephone. Should you explicitly indicate interest in a third-party product or service featured on our site, we will track your interest in this service.

B. What is automatically collected

For the purposes of improving our system performance, we may collect non-personally identifiable information such as your IP address (think of it as your address on the Internet so we can assess volume by country/region), cookies ( a small text file that Web sites can place on your hard drive to help remember your Username, as an example), computer settings (for example, what browser you are using), or analytics stats gathered by web tracking software.

C. Information provided by a Third Party Provider

As a benefit to our users, we integrate with third-party sites that provide information. An example would be an integration with Facebook so users can choose to log in via existing Facebook credentials instead of creating Embark credentials.

2. Use of information

We may share some or all of the information we collect, as described above, with affiliated organizations and companies and with third parties (i.e. non-affiliated companies).

Examples include sharing your data with the following:

the institution or organization to which you are applying

third-party service providers that can perform a service on your behalf, e.g. test score verification or our support ticketing platform for tracking applicant questions

third-party service providers where you have indicated an explicit interest in their services

third-party service providers as required by law, for example in response to a regulatory inquiry

Note that third-party web sites will operate under their own privacy policy, and users must choose whether to accept those terms. In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, Embark is potentially liable. Embark’s liability under this agreement will be governed by the contract in place between Embark and the third party, and the event giving rise to the damage.

3. Your Privacy Choices

Embark currently operates on a strict “opt-in” basis prior to sharing information with unaffiliated third parties not central to completing the application process. We consider this unlikely to change but, should we ever find a valid user benefit to shifting away from this model, we would provide the opportunity for users to “opt-out” via an unsubscribe link or contacting the support team.

4. Security

Embark takes your security seriously. While perfect security on the Internet is impossible to promise, we maintain physical, electronic, and procedural safeguards to protect the information you provide to us. We restrict access to this information to employees with a need to know this information to provide you with the benefit, assistance or service you request or would like to obtain, and to those employees that need the information to do their jobs.

5. Minors

Embark responds responsibly to site visitors who are minors and its application generally target an older audience. We adhere to US federal and state laws regarding visitors under 18 years of age (COPPA).

6. Data Access, Correction, and Removal

Individuals may access their data through the Embark portal using their unique login. If your personally identifiable information changes, or if you no longer desire our service, you can correct, update, or delete the information you have provided to us by contacting us at support at embark.com.

Embark complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union members countries. Embark has certified that it adheres to the Privacy Shield Principles. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/

In compliance with the Privacy Shield Principles, Embark commits to resolve complaints about your privacy and our collection or use of your personal information. European Union individuals with inquiries or complaints regarding this privacy policy should first contact Michael Turbe at: support@embark.com

Please note that if your complaint is not resolved through the aforementioned channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.

Embark is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Embark is required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

GDPR Requirement

Embark Policy

The identity and the contact details of thecontroller and data protection officer (where applicable

Embark’s controller and dataprotection officer is Michael Turbé, Embark’s engineering lead, who can be reached at supportat embark.com.

The purposes of the processing for which thepersonal data are intended as well as the legal basis for the processing,including the legitimate interests pursued by the controller

Embark’s typically processes personaldata of applicants (often students) on behalf of institutions for thepurposes of allowing these institutions to recruit, accept applications,evaluate, and enroll applicants. See section above on “Use of Information” for othercategories of use.

The recipients or categories of recipients of thepersonal data, if any

Where applicable, the fact that the controllerintends to transfer personal data to a third country or international organisation and how the transfer ensure adequacy ofprotection (i.e. which of the approved transfer mechanisms are used)

Embark uses Amazon’s global web hostingcapabilities and personal data is currently stored in the United States.

The period for which the personal data will bestored, or if that is not possible, the criteria used to determine thatperiod

The storage period will be determined based onhow helpful past data is for the current admissions cycle – for example, someclients like to compare year over year data or allow applicants who arere-applying to reference prior years’ applications.

The existence of the right to request from thecontroller access to and rectification or erasure of personal data orrestriction of processing concerning the data subject or to object toprocessing as well as the right to data portability

Embark users may request through theirinstitution the update or deletion of their personal data as well as anextract of the data they have provided.

Where the processing is based on consent, theexistence of the right to withdraw consent at any time, without affecting thelawfulness of processing based on consent before its withdrawal

Embark users may request through theirinstitution the withdrawal of their consent, which would result in thedeletion of their data, including any application, recommendation orassociated documents shared with Embark via the cited institution.

Whether the provision of personal data is astatutory or contractual requirement, or a requirement necessary to enterinto a contract, as well as whether the data subject is obliged to providethe personal data and of the possible consequences of failure to provide suchdata

Each client institution of Embark will notewhich elements of data, personal or otherwise, are required components oftheir application or other forms.

The existence of automated decision-making,including profiling, meaningful information about the logic involved, as wellas the significance and the envisaged consequences of such processing for thedata subject

Each client institution of Embark will post onits own web site the eligibility requirements for its application, which mayinclude age and other factors.